cfform won't submit

Posted 23 August 2011 - 06:47 AM

I've recently been hired at a federal agency to do intranet apps and I am NOT a web developer. I do C++ and JAVA and scientific simulation programming so this is a bit of a jump learning HTML, CSS, Javascript, and ColdFusion in a matter of weeks.

I was given a training project by my branch chief and I'm having some problems. I can't seem to submit this form and get a confirmation page. Basically the submit button is dead. It can't seem to find the cfm on the server I think or is there something else wrong?

There is a page that submits an ECI number (some form of ID) to a page that displays a person's information that allows them to change their contributions to the CFC, then it submits those values to a confirmation page that submits those values to the database.

Replies To: cfform won't submit

Re: cfform won't submit

Posted 23 August 2011 - 07:18 AM

maguscrowley, welcome to DIC and congrats on your new job! Thanks also for posting your code in the CODE tags.

I've had a quick look at the code for CFCfinalflex.cfm and believe I see your problem. First things first: this is not a CF problem per se but rather basic HTML (although decent CF error reporting could be helping you understand better what the problem is). The issue is embedded forms (I believe).

If you look at your line 69 you have this:

<form action="CFCConfirmation.cfm" method="POST">

In HTML, whenever you open a form tag, you also need to close it or you can get weird things happening. In your case, you open another form at line 102:

...but have not yet closed the form you opened at line 69. A form close tag is what you have on line 105, BTW.

This will almost certainly be the reason why the form submission is not working. You should be generating some kind of error message with this but depending on how your server is set up, they may be being suppressed.

In any event, try placing a form close tag around line 71 and see if that doesn't fix your problem.

In addition, however, there are two queries you have that are vulnerable to a particular type of hack attempt called a SQL injection attack. Specifically the query running from lines 63-67 in CFCfinalflex.cfm and the query running from lines 39-43 in CFCConfirmation.cfm. The form values getting passed in, especially since they appear to be coming from a public access form, are being passed in without what is known as a bind parameter directly to your database. This is...well...quite unwise. Especially as this is dealing with SS benefits (aka: money). Depending on the version of CF you're running and the database those queries are accessing, you should consider re-writing the where statements in those queries to use CFQUERYPARAM. In addition to securing those two queries from a SQL injection attack, they'll also lend a slight speed boost to the query return times.

Finally, if/when you ever get to meet the previous CF dev, feel free to thank them for not commenting any of the code whatsoever. People like you (new devs unfamiliar with the code they're inheriting) are one of the reasons why you comment your code. Yours has literally one comment...and it's essentially useless.
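
Added example, not part of the original thread and not the poster's code: the CFQUERYPARAM rewrite suggested in the reply above, shown for a lookup query and an update query with the unbound form kept in a comment for comparison. The datasource `cfcDemo`, the table `employees`, its columns, the form field names and the assumption that an ECI is a 1 to 9 digit number are all hypothetical, since the original queries are not shown on this page.

```cfml
<!--- Added example. Datasource, table, column and form field names are hypothetical. --->
<cfparam name="form.eci" default="">
<cfparam name="form.contribution" default="">

<!--- Validate shape before touching the database.
      Assumption: an ECI is 1-9 digits, a contribution is a non-negative amount. --->
<cfif NOT reFind("^[0-9]{1,9}$", form.eci)
      OR NOT reFind("^[0-9]{1,7}(\.[0-9]{1,2})?$", form.contribution)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid ECI number or contribution amount.</cfoutput>
    <cfabort>
</cfif>

<!--- BEFORE (kept as a comment): the form value becomes part of the SQL text,
      so whatever the browser sends is parsed by the database as SQL.
<cfquery name="getEmployee" datasource="cfcDemo">
    SELECT eci, last_name, contribution
    FROM employees
    WHERE eci = #form.eci#
</cfquery>
--->

<!--- AFTER: the value travels as a typed bind parameter, separate from the SQL text. --->
<cfquery name="getEmployee" datasource="cfcDemo">
    SELECT eci, last_name, contribution
    FROM employees
    WHERE eci = <cfqueryparam value="#form.eci#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Same treatment for the write on the confirmation page:
      every value that originated in the form is bound, in SET as well as WHERE. --->
<cfif getEmployee.recordCount EQ 1>
    <cfquery datasource="cfcDemo">
        UPDATE employees
        SET contribution = <cfqueryparam value="#form.contribution#"
                                         cfsqltype="cf_sql_decimal" scale="2">
        WHERE eci = <cfqueryparam value="#form.eci#" cfsqltype="cf_sql_integer">
    </cfquery>
</cfif>
```

The `cfsqltype` on each parameter also makes ColdFusion reject a value that does not fit the declared type before the statement reaches the database, so the regex check and the bind parameter act as two independent layers.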